Skip to content

aws: Update EBS CSI driver to v1.47.0 #17552

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 11, 2025
Merged

aws: Update EBS CSI driver to v1.47.0 #17552

merged 2 commits into from
Aug 11, 2025

Conversation

@hakman
Copy link
Member

@hakman hakman commented Aug 11, 2025

This also removes any dependency on the public.ecr.awsregistry.

/cc @rifelpet @ameukam @torredil

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. area/addons size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Aug 11, 2025
@hakman
Copy link
Member Author

hakman commented Aug 11, 2025

/retest

@hakman
Copy link
Member Author

hakman commented Aug 11, 2025

/override pull-kops-e2e-aws-upgrade-k132-ko132-to-klatest-kolatest-many-addons

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Aug 11, 2025

@hakman: Overrode contexts on behalf of hakman: pull-kops-e2e-aws-upgrade-k132-ko132-to-klatest-kolatest-many-addons

In response to this:

/override pull-kops-e2e-aws-upgrade-k132-ko132-to-klatest-kolatest-many-addons

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@hakman
Copy link
Member Author

hakman commented Aug 11, 2025

/test pull-kops-e2e-k8s-aws-amazonvpc
/test pull-kops-e2e-k8s-gce-ipalias

@ameukam
Copy link
Member

ameukam commented Aug 11, 2025

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 11, 2025
@hakman hakman force-pushed the ebs-csi-driver-1.47.0 branch from b3d61f0 to b97df8d Compare August 11, 2025 15:49
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 11, 2025
rifelpet
rifelpet reviewed Aug 11, 2025
View reviewed changes
upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template
# --set sidecars.snapshotter.forceEnable=true \
# --set controller.enableMetrics=true \
# --no-hooks | grep -vi helm
#helm template aws-ebs-csi-driver aws-ebs-csi-driver/aws-ebs-csi-driver -n kube-system \
Copy link
Member

@rifelpet rifelpet Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we could make this easier for next time if we persisted the values overrides for the image registry:

https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/7ab5c68a7705536d87a28fbe2b90ee8fe85b79af/charts/aws-ebs-csi-driver/values.yaml#L6

Suggested change
#helm template aws-ebs-csi-driver aws-ebs-csi-driver/aws-ebs-csi-driver -n kube-system \
#helm template aws-ebs-csi-driver aws-ebs-csi-driver/aws-ebs-csi-driver -n kube-system \
# --set image.repository=registry.k8s.io/provider-aws/aws-ebs-csi-driver \
# --set nodeDriverRegistrar.image.repository=registry.k8s.io/sig-storage/csi-node-driver-registrar \

etc.

Copy link
Member Author

@hakman hakman Aug 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not that much, they still add some eks-specific suffixes.... 😞
At least this way it's clear that it's totally different images.

@rifelpet
Copy link
Member

rifelpet commented Aug 11, 2025

I'm slightly concerned that the ECR image forks have significant changes from the registry.k8s.io images.

ECR doesnt have node-driver-registrar v2.14.0, but comparing v2.13.0:

 docker history public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.13.0-eks-1-33-latest
IMAGE          CREATED        CREATED BY                                      SIZE      COMMENT
ab823174114d   10 days ago    ENTRYPOINT ["/csi-node-driver-registrar"]       0B        buildkit.dockerfile.v0
<missing>      10 days ago    COPY bin/node-driver-registrar/linux-arm64/c…   18.4MB    buildkit.dockerfile.v0
<missing>      10 days ago    COPY ATTRIBUTION.txt /ATTRIBUTION.txt # buil…   36.8kB    buildkit.dockerfile.v0
<missing>      10 days ago    COPY LICENSES /LICENSES # buildkit              377kB     buildkit.dockerfile.v0
<missing>      10 days ago    ARG TARGETOS                                    0B        buildkit.dockerfile.v0
<missing>      10 days ago    ARG TARGETARCH                                  0B        buildkit.dockerfile.v0
<missing>      4 months ago   COPY /newroot / # buildkit                      6.15MB    buildkit.dockerfile.v0
<missing>      4 months ago   USER 0                                          0B        buildkit.dockerfile.v0
<missing>      4 months ago   ENV PATH=/usr/local/sbin:/usr/local/bin:/usr…   0B        buildkit.dockerfile.v0

 docker history registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.13.0
IMAGE          CREATED        CREATED BY                                      SIZE      COMMENT
41646657b015   7 months ago   ENTRYPOINT ["/csi-node-driver-registrar"]       0B        buildkit.dockerfile.v0
<missing>      7 months ago   COPY ./bin/csi-node-driver-registrar-arm64 c…   27.1MB    buildkit.dockerfile.v0
<missing>      7 months ago   ARG binary=./bin/csi-node-driver-registrar      0B        buildkit.dockerfile.v0
<missing>      7 months ago   LABEL description=CSI Node driver registrar     0B        buildkit.dockerfile.v0
<missing>      7 months ago   LABEL maintainers=Kubernetes Authors            0B        buildkit.dockerfile.v0

I'm wondering if the ECR fork includes any changes that we need and would lose if we switch to registry.k8s.io.

@hakman
Copy link
Member Author

hakman commented Aug 11, 2025

I'm wondering if the ECR fork includes any changes that we need and would lose if we switch to registry.k8s.io.

@torredil Any thoughts on this Q? Personally, I would prefer to stick with community images, if possible.

@torredil
Copy link
Member

torredil commented Aug 11, 2025

@hakman

I'm wondering if the ECR fork includes any changes that we need and would lose if we switch to registry.k8s.io.

You won't lose any functionality - we fully support using the community sidecar images(registry.k8s.io). The main difference is that the AWS-owned images published to public.ecr.aws will have less CVEs (they are built using a minimal base image, and CVEs are patched regularly, weekly / bi-weekly cadence depending on the severity of the report).

@hakman
Copy link
Member Author

hakman commented Aug 11, 2025

/override pull-kops-e2e-aws-upgrade-k132-ko132-to-klatest-kolatest-many-addons
/override pull-kops-e2e-k8s-gce-cilium

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Aug 11, 2025

@hakman: Overrode contexts on behalf of hakman: pull-kops-e2e-aws-upgrade-k132-ko132-to-klatest-kolatest-many-addons, pull-kops-e2e-k8s-gce-cilium

In response to this:

/override pull-kops-e2e-aws-upgrade-k132-ko132-to-klatest-kolatest-many-addons
/override pull-kops-e2e-k8s-gce-cilium

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@hakman
Copy link
Member Author

hakman commented Aug 11, 2025

@hakman

I'm wondering if the ECR fork includes any changes that we need and would lose if we switch to registry.k8s.io.

You won't lose any functionality - we fully support using the community sidecar images(registry.k8s.io). The main difference is that the AWS-owned images published to public.ecr.aws will have less CVEs (they are built using a minimal base image, and CVEs are patched regularly, weekly / bi-weekly cadence depending on the severity of the report).

Ah, cool, thank you for the explanation @torredil! 🙂

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 11, 2025
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Aug 11, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rifelpet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 11, 2025
@k8s-ci-robot k8s-ci-robot merged commit 896dbb2 into kubernetes:master Aug 11, 2025
28 checks passed
@hakman hakman deleted the ebs-csi-driver-1.47.0 branch August 11, 2025 16:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rifelpet rifelpet rifelpet approved these changes

@ameukam ameukam Awaiting requested review from ameukam

@torredil torredil Awaiting requested review from torredil

Assignees

@rifelpet rifelpet

@ameukam ameukam

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/addons cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@hakman @k8s-ci-robot @ameukam @rifelpet @torredil